如何在Django中记录成功和失败的登录和注销尝试? [英] How can I log both successful and failed login and logout attempts in Django?
问题描述
我想记录所有用户在Django中的登录和注销尝试.该记录应显示所有登录/注销用户的历史记录,IP地址和登录/注销时间.
I want to record all user login and logout attempts in Django. This record should show a history of all users who logged in/out, IP address and time of login/logout.
django_admin_log表似乎仅记录其他模型的ADD/DELETE/CHANGE活动,而不记录用户访问的历史记录.我也已经检查了user_logged_in,user_logged_out信号.看来,如果我将使用这些信号,则需要创建一个新表来记录所有用户登录/注销的历史记录. Django中有内置方法可以做到这一点吗?还是可用的软件包?我检查了其他软件包,与登录尝试有关的软件包仅限制失败的尝试,但不记录成功的登录/注销.
The django_admin_log table seems to only record ADD/DELETE/CHANGE activities of other models, not a history of user access. I've also already checked the user_logged_in, user_logged_out signals. It seems that if I will use these signals, I need to create a new table to record history of all user login/logout. Is there a built-in method in Django to do this? Or available packages? I've checked other packages, and those that are related to login attempts only limit failed attempts, but do not record successful logins/logouts.
推荐答案
You could hook up to the provided signals: django.contrib.auth.signals
import logging
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
from django.dispatch import receiver
log = logging.getLogger(__name__)
@receiver(user_logged_in)
def user_logged_in_callback(sender, request, user, **kwargs):
# to cover more complex cases:
# http://stackoverflow.com/questions/4581789/how-do-i-get-user-ip-address-in-django
ip = request.META.get('REMOTE_ADDR')
log.debug('login user: {user} via ip: {ip}'.format(
user=user,
ip=ip
))
@receiver(user_logged_out)
def user_logged_out_callback(sender, request, user, **kwargs):
ip = request.META.get('REMOTE_ADDR')
log.debug('logout user: {user} via ip: {ip}'.format(
user=user,
ip=ip
))
@receiver(user_login_failed)
def user_login_failed_callback(sender, credentials, **kwargs):
log.warning('logout failed for: {credentials}'.format(
credentials=credentials,
))
记录到模型/数据库
所以到目前为止,这个答案尚未被接受-这是一个在模型中放置动作而不是记录日志的示例:
Recording to model/database
So as this answer has not been accepted so far - here an example that sores the actions in a model instead of logging:
# <your_app>/models.py
from django.db import models
from django.contrib.auth.signals import user_logged_in, user_logged_out, user_login_failed
from django.dispatch import receiver
class AuditEntry(models.Model):
action = models.CharField(max_length=64)
ip = models.GenericIPAddressField(null=True)
username = models.CharField(max_length=256, null=True)
def __unicode__(self):
return '{0} - {1} - {2}'.format(self.action, self.username, self.ip)
def __str__(self):
return '{0} - {1} - {2}'.format(self.action, self.username, self.ip)
@receiver(user_logged_in)
def user_logged_in_callback(sender, request, user, **kwargs):
ip = request.META.get('REMOTE_ADDR')
AuditEntry.objects.create(action='user_logged_in', ip=ip, username=user.username)
@receiver(user_logged_out)
def user_logged_out_callback(sender, request, user, **kwargs):
ip = request.META.get('REMOTE_ADDR')
AuditEntry.objects.create(action='user_logged_out', ip=ip, username=user.username)
@receiver(user_login_failed)
def user_login_failed_callback(sender, credentials, **kwargs):
AuditEntry.objects.create(action='user_login_failed', username=credentials.get('username', None))
管理员
# <your_app>/admin.py
from django.contrib import admin
from models import AuditEntry
@admin.register(AuditEntry)
class AuditEntryAdmin(admin.ModelAdmin):
list_display = ['action', 'username', 'ip',]
list_filter = ['action',]
这篇关于如何在Django中记录成功和失败的登录和注销尝试?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
